[bug]: Url for images/attachments wrong http instead of https

Open tgivslife opened this issue 1 year ago • 7 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current behavior

When I try to add an image or attachment to an issue, the URL returned by the following request

Screenshot 2024-10-14 at 15 42 00

returns

{
    "upload_data": {
        "url": "http://dev.domain/uploads",
        "fields": {
            "Content-Type": "image/png",
            "key": "0600252d-b281-4198-994a-1cd0f1fcdd04/bc455979f1aa45f6b454a8a3608de5d8-ab_solid_shadow_holo.9 (1).png",
            "x-amz-algorithm": "AWS4-HMAC-SHA256",
            "x-amz-credential": "access-key/20241014/eu-central-1/s3/aws4_request",
            "x-amz-date": "20241014T123859Z",
            "policy": "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",
            "x-amz-signature": "b7a516496691a223c0fcf1f73e2a34c6f2759f7dde34ab4b23373a7616f553d3"
        }
    },
    "asset_id": "049edbda-d0fd-4f57-be09-2d007ad70879",
    "asset_url": "/api/assets/v2/workspaces/dti/projects/55bde539-8ee5-4b8f-918a-84aff8de52a3/049edbda-d0fd-4f57-be09-2d007ad70879/"
}

and the following request gets blocked (mixed content)

image

image

My docker env variables are

# DATA STORE SETTINGS
USE_MINIO=1
AWS_REGION=eu-central-1
AWS_ACCESS_KEY_ID=access-key
AWS_SECRET_ACCESS_KEY=secret-key
AWS_S3_ENDPOINT_URL=http://plane-minio:9000
AWS_S3_BUCKET_NAME=uploads
MINIO_ROOT_USER=access-key
MINIO_ROOT_PASSWORD=secret-key
BUCKET_NAME=uploads
FILE_SIZE_LIMIT=5242880

Steps to reproduce

Clean install of preview community edition using docker.

Environment

Deploy preview

Browser

Google Chrome

Variant

Self-hosted

Version

preview

tgivslife avatar Oct 14 '24 12:10 tgivslife

This behaviour can't be reproduced on the 0.23.1 release (there it's working as intended). I wanted to check the private bucket implementation (protected attachments)

tgivslife avatar Oct 14 '24 12:10 tgivslife

This problem occurred in self-hosted stable. I use my own DB, so I fixed the RabbitMQ, PostgreSQL and Redis settings, and I have already changed web_url and AWS_S3_ENDPOINT_URL and changed my server's nginx settings.

How can I change the image API from http to https?

docker-compose

x-db-env: &db-env
  PGHOST: ${PGHOST:-plane-db}
  PGDATABASE: ${PGDATABASE:-plane}
  POSTGRES_USER: ${POSTGRES_USER:-plane}
  POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-plane}
  POSTGRES_DB: ${POSTGRES_DB:-plane}
  POSTGRES_PORT: ${POSTGRES_PORT:-5432}
  PGDATA: ${PGDATA:-/var/lib/postgresql/data}

x-redis-env: &redis-env
  REDIS_HOST: ${REDIS_HOST:-plane-redis}
  REDIS_PORT: ${REDIS_PORT:-6379}
  REDIS_URL: ${REDIS_URL:-redis://plane-redis:6379/}

x-minio-env: &minio-env
  MINIO_ROOT_USER: ${AWS_ACCESS_KEY_ID:-access-key}
  MINIO_ROOT_PASSWORD: ${AWS_SECRET_ACCESS_KEY:-secret-key}

x-aws-s3-env: &aws-s3-env
  AWS_REGION: ${AWS_REGION:-}
  AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-access-key}
  AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-secret-key}
  AWS_S3_ENDPOINT_URL: ${AWS_S3_ENDPOINT_URL:-http://plane-minio:9000}
  AWS_S3_BUCKET_NAME: ${AWS_S3_BUCKET_NAME:-uploads}

x-proxy-env: &proxy-env
  NGINX_PORT: ${NGINX_PORT:-80}
  BUCKET_NAME: ${AWS_S3_BUCKET_NAME:-uploads}
  FILE_SIZE_LIMIT: ${FILE_SIZE_LIMIT:-5242880}

x-mq-env: &mq-env
  # RabbitMQ Settings
  RABBITMQ_HOST: ${RABBITMQ_HOST:-plane-mq}
  RABBITMQ_PORT: ${RABBITMQ_PORT:-5672}
  RABBITMQ_DEFAULT_USER: ${RABBITMQ_USER:-plane}
  RABBITMQ_DEFAULT_PASS: ${RABBITMQ_PASSWORD:-plane}
  RABBITMQ_DEFAULT_VHOST: ${RABBITMQ_VHOST:-plane}
  RABBITMQ_VHOST: ${RABBITMQ_VHOST:-plane}

x-live-env: &live-env
  API_BASE_URL: ${API_BASE_URL:-http://api:8000}

x-app-env: &app-env
  WEB_URL: ${WEB_URL:-http://localhost}
  DEBUG: ${DEBUG:-0}
  SENTRY_DSN: ${SENTRY_DSN}
  SENTRY_ENVIRONMENT: ${SENTRY_ENVIRONMENT:-production}
  CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS}
  GUNICORN_WORKERS: 1
  USE_MINIO: ${USE_MINIO:-1}
  DATABASE_URL: ${DATABASE_URL:-postgresql://plane:plane@plane-db/plane}
  SECRET_KEY: ${SECRET_KEY:-60gp0byfz2dvffa45cxl20p1scy9xbpf6d8c5y0geejgkyp1b5}
  ADMIN_BASE_URL: ${ADMIN_BASE_URL}
  SPACE_BASE_URL: ${SPACE_BASE_URL}
  APP_BASE_URL: ${APP_BASE_URL}
  AMQP_URL: ${AMQP_URL:-amqp://plane:plane@plane-mq:5672/plane}


services:
  web:
    image: ${DOCKERHUB_USER:-makeplane}/plane-frontend:${APP_RELEASE:-stable}
    platform: ${DOCKER_PLATFORM:-}
    pull_policy: if_not_present
    restart: unless-stopped
    command: node web/server.js web
    deploy:
      replicas: ${WEB_REPLICAS:-1}
    depends_on:
      - api
      - worker

  space:
    image: ${DOCKERHUB_USER:-makeplane}/plane-space:${APP_RELEASE:-stable}
    platform: ${DOCKER_PLATFORM:-}
    pull_policy: if_not_present
    restart: unless-stopped
    command: node space/server.js space
    deploy:
      replicas: ${SPACE_REPLICAS:-1}
    depends_on:
      - api
      - worker
      - web

  admin:
    image: ${DOCKERHUB_USER:-makeplane}/plane-admin:${APP_RELEASE:-stable}
    platform: ${DOCKER_PLATFORM:-}
    pull_policy: if_not_present
    restart: unless-stopped
    command: node admin/server.js admin
    deploy:
      replicas: ${ADMIN_REPLICAS:-1}
    depends_on:
      - api
      - web

  live:
    image: ${DOCKERHUB_USER:-makeplane}/plane-live:${APP_RELEASE:-stable}
    platform: ${DOCKER_PLATFORM:-}
    pull_policy: if_not_present
    restart: unless-stopped
    command: node live/dist/server.js live
    environment:
      <<: [ *live-env ]
    deploy:
      replicas: ${LIVE_REPLICAS:-1}
    depends_on:
      - api
      - web

  api:
    image: ${DOCKERHUB_USER:-makeplane}/plane-backend:${APP_RELEASE:-stable}
    platform: ${DOCKER_PLATFORM:-}
    pull_policy: if_not_present
    restart: unless-stopped
    command: ./bin/docker-entrypoint-api.sh
    deploy:
      replicas: ${API_REPLICAS:-1}
    volumes:
      - logs_api:/code/plane/logs
    environment:
      <<: [ *app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env ]

  worker:
    image: ${DOCKERHUB_USER:-makeplane}/plane-backend:${APP_RELEASE:-stable}
    platform: ${DOCKER_PLATFORM:-}
    pull_policy: if_not_present
    restart: unless-stopped
    command: ./bin/docker-entrypoint-worker.sh
    volumes:
      - logs_worker:/code/plane/logs
    environment:
      <<: [ *app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env ]
    depends_on:
      - api

  beat-worker:
    image: ${DOCKERHUB_USER:-makeplane}/plane-backend:${APP_RELEASE:-stable}
    platform: ${DOCKER_PLATFORM:-}
    pull_policy: if_not_present
    restart: unless-stopped
    command: ./bin/docker-entrypoint-beat.sh
    volumes:
      - logs_beat-worker:/code/plane/logs
    environment:
      <<: [ *app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env ]
    depends_on:
      - api

  migrator:
    image: ${DOCKERHUB_USER:-makeplane}/plane-backend:${APP_RELEASE:-stable}
    platform: ${DOCKER_PLATFORM:-}
    pull_policy: if_not_present
    restart: "no"
    command: ./bin/docker-entrypoint-migrator.sh
    volumes:
      - logs_migrator:/code/plane/logs
    environment:
      <<: [ *app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env ]

  plane-minio:
    image: minio/minio:latest
    pull_policy: if_not_present
    restart: unless-stopped
    command: server /export --console-address ":9090"
    environment:
      <<: *minio-env
    volumes:
      - uploads:/export

  # Comment this if you already have a reverse proxy running
  proxy:
    image: ${DOCKERHUB_USER:-makeplane}/plane-proxy:${APP_RELEASE:-stable}
    platform: ${DOCKER_PLATFORM:-}
    pull_policy: if_not_present
    restart: unless-stopped
    ports:
      - ${NGINX_PORT}:80
    environment:
      <<: *proxy-env
    depends_on:
      - web
      - api
      - space

volumes:
  pgdata:
  uploads:
  logs_api:
  logs_worker:
  logs_beat-worker:
  logs_migrator:

env file

APP_DOMAIN=domain.com
APP_RELEASE=stable

WEB_REPLICAS=1
SPACE_REPLICAS=1
ADMIN_REPLICAS=1
API_REPLICAS=1

NGINX_PORT=80
WEB_URL=https://${APP_DOMAIN}
DEBUG=0
SENTRY_DSN=
SENTRY_ENVIRONMENT=production
CORS_ALLOWED_ORIGINS=https://${APP_DOMAIN}
API_BASE_URL=http://api:8000

#CSRF
CSRF_TRUSTED_ORIGINS=https://${APP_DOMAIN}
CSRF_COOKIE_DOMAIN=${APP_DOMAIN}
CSRF_COOKIE_SECURE=True

#DB SETTINGS
PGHOST=localhost
PGDATABASE=plane
POSTGRES_USER=root
POSTGRES_PASSWORD=qwer1234
POSTGRES_DB=plane
POSTGRES_PORT=2222
PGDATA=/var/lib/postgresql/data
DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}

# REDIS SETTINGS
REDIS_HOST=localhost
REDIS_PORT=1111
REDIS_USER=default
REDIS_PASSWORD=asdf
REDIS_URL=redis://${REDIS_USER}:${REDIS_PASSWORD}@${REDIS_HOST}:${REDIS_PORT}/

# RabbitMQ Settings
RABBITMQ_HOST=localhost
RABBITMQ_PORT=3333
RABBITMQ_USER=asdf
RABBITMQ_PASSWORD=asdf
RABBITMQ_VHOST=plane
AMQP_URL=amqp://${RABBITMQ_USER}:${RABBITMQ_PASSWORD}@${RABBITMQ_HOST}:${RABBITMQ_PORT}/${RABBITMQ_VHOST}

# Secret Key
SECRET_KEY=60gp0byfz2dvffa45cxl20p1scy9xbpf6d8c5y0geejgkyp1b5

# DATA STORE SETTINGS
USE_MINIO=1
AWS_REGION=aaa
AWS_ACCESS_KEY_ID=accesskey
AWS_SECRET_ACCESS_KEY=accesskey
AWS_S3_ENDPOINT_URL=http://plane-minio:9000
AWS_S3_BUCKET_NAME=upload
AWS_S3_USE_SSL=1
FILE_SIZE_LIMIT=5242880

# Gunicorn Workers
GUNICORN_WORKERS=1

# UNCOMMENT `DOCKER_PLATFORM` IF YOU ARE ON `ARM64` AND DOCKER IMAGE IS NOT AVAILABLE FOR RESPECTIVE `APP_RELEASE`
# DOCKER_PLATFORM=linux/amd64

# Email
EMAIL_HOST = "smtp.gmail.com"
EMAIL_PORT = 587
EMAIL_USE_TLS = True
EMAIL_USE_SSL = True
EMAIL_HOST_USER = "[email protected]"
EMAIL_HOST_PASSWORD = "test"
EMAIL_FROM = "[email protected]"

plit-leegyubin avatar Jan 06 '25 09:01 plit-leegyubin

Same problem with me, the api https://domain.com/api/assets/v2.../attachments got result: "upload_data": { "url": "http://127.0.0.1:8099/uploads", }

the url should be domain.com

muhamadsyahrulmubarok avatar Jan 07 '25 04:01 muhamadsyahrulmubarok

I solved my problem by changing an option in my DNS server. I use Cloudflare, so I set "HTTPS Rewrites".

plit-leegyubin avatar Jan 07 '25 04:01 plit-leegyubin

Thank you, I have already solved it.

I'm using Apache2 and added the following to my .conf file:

ProxyPreserveHost On
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

muhamadsyahrulmubarok avatar Jan 07 '25 05:01 muhamadsyahrulmubarok

The problem is that Plane could be behind a reverse proxy that adds a secure layer. The exact error line is "apiserver/plane/settings/storage.py:42". You should not generate the URL but instead use a predefined one from env, like this

                endpoint_url=(
                    os.environ.get("WEB_URL")
                    if request
                    else self.aws_s3_endpoint_url
                ),

BTW I think lines

                    if request
                    else self.aws_s3_endpoint_url

are unnecessary, but I'm not sure. Why use aws endpoint if MinIO is enabled???

KonstantinPlotnikov avatar Feb 12 '25 15:02 KonstantinPlotnikov

I have Plane running behind an Apache proxy, and after a recent Plane upgrade, I encountered the same issue.

I was able to resolve it by adding the following headers to the Apache proxy virtual server config:

RequestHeader set X-Real-IP %{REMOTE_ADDR}e
RequestHeader set X-Forwarded-For "%{X-Forwarded-For}e, %{REMOTE_ADDR}e"
RequestHeader set X-Forwarded-Host %{HTTP_HOST}e
RequestHeader set X-Forwarded-Proto "https"

I haven’t changed anything related to the Plane configuration after the upgrade.

Hope it helps.

obergodmar avatar Feb 12 '25 16:02 obergodmar

Faced a similar issue with v0.26.0.

Request looks like:

POST
scheme - http
host - 192.168.0.2:180
filename /uploads
Referrer Policy strict-origin-when-cross-origin
DNS Resolution System

Host 192.168.0.2:180
Origin https://plane.example.dns

mrxdata avatar May 28 '25 23:05 mrxdata

In nginx, you would add this to location /:

proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;

Spoodry avatar Aug 09 '25 05:08 Spoodry
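
Added example (not from the thread and not Plane's code): a simplified Python model of a backend deriving the public upload URL from request headers, showing why a missing X-Forwarded-Proto produces an http:// URL that an https page blocks, and why the header should only be honoured from the proxy. The trusted subnet, function names and sample requests are assumptions constructed for illustration.

```python
# Added example: a simplified model, not Plane's storage.py.
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Assumption: the reverse proxy connects to the API from this subnet.
TRUSTED_PROXIES = [ip_network("172.16.0.0/12")]


def external_base(headers, peer_ip, wire_scheme="http"):
    """Return scheme://host as the browser should see it."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    scheme, host = wire_scheme, h.get("host", "")
    # Honour forwarded headers only from a trusted proxy; any other
    # client could set them itself.
    if any(ip_address(peer_ip) in net for net in TRUSTED_PROXIES):
        if h.get("x-forwarded-proto", "").lower() in ("http", "https"):
            scheme = h["x-forwarded-proto"].lower()
        host = h.get("x-forwarded-host") or host
    return f"{scheme}://{host}"


def upload_url(headers, peer_ip, bucket="uploads"):
    """Build the upload endpoint handed back to the browser."""
    return f"{external_base(headers, peer_ip)}/{bucket}"


def is_mixed_content(page_origin, target_url):
    """True when an https page targets a non-https URL.
    Simplified: ignores the browser exemption for loopback hosts."""
    return (urlsplit(page_origin).scheme == "https"
            and urlsplit(target_url).scheme != "https")


# Constructed sample requests as the API sees them behind a TLS proxy.
SAMPLES = {
    "no_forwarded_proto": ({"Host": "dev.domain"}, "172.18.0.5"),
    "with_forwarded_proto": (
        {"Host": "dev.domain", "X-Forwarded-Proto": "https"}, "172.18.0.5"),
    "spoofed_by_client": (
        {"Host": "dev.domain", "X-Forwarded-Proto": "https"}, "203.0.113.9"),
}


def demo(page_origin="https://dev.domain"):
    """Map each sample to (upload URL, blocked as mixed content?)."""
    out = {}
    for name, (headers, peer) in SAMPLES.items():
        url = upload_url(headers, peer)
        out[name] = (url, is_mixed_content(page_origin, url))
    return out
```

Calling demo() returns the upload URL and the mixed-content verdict for each constructed request.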

Same issue here. Plane behind proxy. I could make it work if I disable USE_MINIO=0 and add this: AWS_S3_ENDPOINT_URL=${WEB_URL}

But then file is uploaded but cannot be seen

gregoriusus avatar Sep 08 '25 21:09 gregoriusus